Google Defends Privacy Policy to European Watchdog

Web search giant Google Inc defended its new privacy policy as lawful and cited measures to educate users about it, in a letter sent on Thursday to French data protection regulators investigating its approach.

Web search giant Google Inc
defended its new privacy policy as lawful and cited
measures to educate users about it, in a letter sent on Thursday
to French data protection regulators investigating its approach.

Google sent responses to half of the questions asked by
France's Commission Nationale de l'Informatique (CNIL) about
three weeks ago in the form of an 18-page letter and a lengthy
annex. It will provide the rest by April 15.

The CNIL will then analyse the responses in its role as
leader of the investigation on behalf of data protection
regulators in Europe's 27 member states. The CNIL has already
said it has "strong doubts" that Google's new approach to
privacy complies with European law.

The French data protection watchdog in March asked Google to
explain what it will do with user data it collects, how long it
will store it and whether it will be linked to the person's real
identity, as well as the legal justification for its approach.

Jacob Kohnstamm, who heads the Netherlands' data protection
authority and the pan-European advisory body that gathers all
such regulators, told Reuters that the investigation could lead
Google to face a range of sanctions.

The CNIL can either issue an administrative caution, giving
the company anything from a week to a few months to rectify its
actions, or impose an outright fine, Kohnstamm said, explaining
that many countries in the EU approach breaches differently.

Google's global privacy counsel Peter Fleischer said in his
letter to the CNIL that the company was committed to providing
users with comprehensive privacy information and willing to meet
European regulators to explain its approach.

"We are convinced that the overall package of our privacy
notices respects completely the requirements of European data
protection law," wrote Fleischer.

Google said in January it was simplifying its privacy
policy, consolidating 60 guidelines into a single one that will
apply for all its services, including YouTube, Gmail and its
social network Google+.

The U.S. company also said it will pool data it collects on
individual users across its services, allowing it to better
tailor search results and improve service.

Users cannot opt out of the new policy, which took effect in
early March, if they want to continue using Google's services.

The debate over data privacy comes at a delicate time for
Google, whose business model is based on giving away free
search, email, and other services while making money by selling
user-targeted advertising.

It is already being investigated by the EU's competition
authority over how it ranks search results and whether it
favours its own products over rival services. EU Competition
Commissioner Joaquin Almunia said last month he would decide
whether to formally charge Google after Easter on April 8 or
drop the investigation which began in 2010.

The European Union is also in the process of writing a new
law to tighten data protection online, which includes creating a
so-called right to be forgotten. That would allow people under
some circumstances to request the removal of data they had
submitted or posted on websites.

Among the issues the CNIL raised in its questions was
whether Google will track people using mapping, search their
smartphones, or use facial recognition technology on users'
photos.

In the first batch of responses to the CNIL, Google said
that it did gather and process location data on its users when
they used services such as Google Maps and social network
Google+ but that it was on an opt-in basis.